These standards included rules regarding the portability of medical information as well as the establishment and protection of a patient’s right to medical privacy.

There was also the issue of ensuring that people could keep their health care coverage when they left their jobs.

HIPAA, the law that resulted from efforts to address these concerns, was passed by Congress and signed by President Bill Clinton.

While the law itself was passed in 1996, the actual details of the law were left to future specifications by Congress, as well as the Secretary of Health and Human Services.

The Privacy Rule was the first aspect of HIPAA to be finalized, in 1999. Next came the Transaction and Code Sets Final Rule, in 2000, followed by the Security Rule and the National Provider Identifier, or Unique Identifiers, rule.

The Enforcement Rule specification was, as of 2006, the last part to be finalized in detail.

The law is broken up into Title I and Title II, the latter of which is also broken up into separate Rules.

Title I is called “Health Care Access, Portability, and Renewability” and it deals with health care plans and policies. Title I regulates the length of the “exclusion” period, the time that health insurers can delay coverage for pre-existing conditions, and also provides ways for policy holders to reduce the exclusion period. Title I also enables people to carry their insurance from one job to the next.

Title II is called “Preventing Health Care Fraud and Abuse” and it is made up of five separate Rules: the Privacy Rule, Transactions and Code Sets Rule, Security Rule, Unique Identifiers or National Provider Rule, and the Enforcement Rule.

HIPAA Requirements for Compliance

To comply with HIPAA patient privacy regulations, there are a number of steps that health care providers and insurance companies must take.

The law requires a company to have a HIPAA Compliance Officer who has taken a training course in compliance. This person is ultimately responsible for staying on top of HIPAA requirements and ensuring that the organization is following the law.

Employees need to be kept up to date on policies that pertain to the organization. This may also require ongoing training for the staff.

HIPAA requires organizations to safeguard patient data against unauthorized access and disclosure. This involves implementing a number of security measures that are adequate to prevent physical and network-based intrusions.

In the event of a security breach, organizations are required by law to report the incident and to inform those patients and clients whose information may be affected.

HIPAA Complaints and Violations

In the event of a violation of the HIPAA law, patients are given options to file a complaint. This primarily involves contacting the Office for Civil Rights (OCR). The OCR has the authority to investigate allegations of violations and to enforce the law, particularly the Privacy Rule.

Affected parties are required to file a written and detailed complaint on paper, through the U.S. Mail, via email or by fax within 180 days of the incident, although some deadline exceptions may be granted. HIPAA also forbids retaliation against, or harassment of, those who file complaints.

Punishments for HIPAA violations can include hefty fines, or in the case of willful or egregious violations, imprisonment. HIPAA allows for additional punishments to be administered at the state level.

For instance, California allows for additional fines, such as $250,000 for disclosure of a person’s medical information for financial gain, and also allows affected parties to file a civil lawsuit.

Medical practices use a specialized Electronic Medical Records (EMR) System, also called an Electronic Health Records (EHR) System. We specialize in making the transition to an EMR simple and cost-effective for practices of all sizes.

Let our experts navigate you through all the acronyms and options so your practice can reach the meaningful use requirements in HITECH.

Get Free Quotes On Medical Record Scanning & Storage Services

Record Nations can help you find a reputable local medical record scanning partner that can handle your project quickly, efficiently and securely. Let us help you get more organized and eliminate the costs associated with digital paper document management today!